[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
github-actions[bot] wrote:

@huang-me Congratulations on having your first Pull Request (PR) merged into the LLVM Project!

Your changes will be combined with recent changes from other authors, then tested by our [build bots](https://lab.llvm.org/buildbot/). If there is a problem with a build, you may receive a report in an email or a comment on this PR.

Please check whether problems have been caused by your change specifically, as the builds can include changes from many authors. It is not uncommon for your change to be included in a build that fails due to someone else's changes, or infrastructure issues.

How to do this, and the rest of the post-merge process, is covered in detail [here](https://llvm.org/docs/MyFirstTypoFix.html#myfirsttypofix-issues-after-landing-your-pr).

If your change does cause a problem, it may be reverted, or you can revert it yourself. This is a normal part of [LLVM development](https://llvm.org/docs/DeveloperPolicy.html#patch-reversion-policy). You can fix your changes and open a new PR to merge them again.

If you don't get any reports, no action is required from you. Your changes are working as expected, well done!

https://github.com/llvm/llvm-project/pull/82089
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
https://github.com/steakhal closed https://github.com/llvm/llvm-project/pull/82089
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
https://github.com/steakhal updated https://github.com/llvm/llvm-project/pull/82089 >From 2802ef4b9ed88da3cacb16ab7738907ee806 Mon Sep 17 00:00:00 2001 From: huang-me Date: Sat, 17 Feb 2024 10:43:48 +0800 Subject: [PATCH 01/10] Fix crash on StaticAnalyzer loop unrolling --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 11 +++ 1 file changed, 11 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index a80352816be613..4001268bde6677 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -226,6 +226,17 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { return false; } } + +if (const SwitchStmt *SS = dyn_cast(S)) { + for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { +for (const Decl *D : dyn_cast(CB)->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } +} + // Check the usage of the pass-by-ref function calls and adress-of operator // on VD and reference initialized by VD. ASTContext = >From e9e195e4462da7f3ca2317096ddace6ce3e88d13 Mon Sep 17 00:00:00 2001 From: huang-me Date: Mon, 19 Feb 2024 18:17:27 +0800 Subject: [PATCH 02/10] Check if dynamic cast get pointer to valid elements --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 4001268bde6677..093e9bbf4ce5e0 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp 
@@ -228,11 +228,15 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { } if (const SwitchStmt *SS = dyn_cast(S)) { - for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { -for (const Decl *D : dyn_cast(CB)->decls()) { - // Once we reach the declaration of the VD we can return. - if (D->getCanonicalDecl() == VD) -return false; + if (const CompoundStmt *CST = dyn_cast(SS->getBody())) { +for (const Stmt *CB : CST->body()) { + if (const DeclStmt *DST = dyn_cast(CB)) { +for (const Decl *D : DST->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } } } } >From 6ed9ea88865e91f1727077b1a3a24d7b110060fd Mon Sep 17 00:00:00 2001 From: huang-me Date: Tue, 20 Feb 2024 11:31:23 +0800 Subject: [PATCH 03/10] Add testcase for finding declaration within SwitchStmt --- .../test-escaping-on-var-before-switch-case.c | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 clang/test/Analysis/test-escaping-on-var-before-switch-case.c diff --git a/clang/test/Analysis/test-escaping-on-var-before-switch-case.c b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c new file mode 100644 index 00..95aed8cab06b55 --- /dev/null +++ b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c @@ -0,0 +1,11 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config unroll-loops=true -verify %s + +void test_escaping_on_var_before_switch_case_no_crash(int c) { + switch (c) { +int i; // expected error{{Reached root without finding the declaration of VD}} +case 0: { + for (i = 0; i < 16; i++) {} + break; +} + } +} >From 294b7c960233cbef8ee0d8721c60792fd1e6a064 Mon Sep 17 00:00:00 2001 From: huang-me Date: Thu, 22 Feb 2024 21:04:06 +0800 Subject: [PATCH 04/10] Hoist duplicated code into function --- .../lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 29 ++- 1 file changed, 16 insertions(+), 13 deletions(-) 
diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 093e9bbf4ce5e0..697e811470e708 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -190,6 +190,17 @@ static bool isCapturedByReference(ExplodedNode *N, const DeclRefExpr *DR) { return FD->getType()->isReferenceType(); } +static bool isFoundInStmt(const Stmt *S, const VarDecl *VD) { + if (const DeclStmt *DS = dyn_cast(S)) { +for (const Decl *D : DS->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return true; +} + } + return false; +} + // A loop counter is considered escaped if: // case 1: It is a global variable. // case 2: It is a reference parameter or a reference capture. @@ -219,24 +230,16 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr
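Review bot: both `dyn_cast` results in the new `SwitchStmt` block of `isPossiblyEscaped` ([PATCH 01/10]) are dereferenced unchecked, in `dyn_cast(SS->getBody())->body()` and in `dyn_cast(CB)->decls()`. `dyn_cast` yields a null pointer when the node is not of the requested kind, and the test added in [PATCH 03/10] already places a `case 0:` statement next to `int i;` in the switch body, so the inner cast is null for that child. Bind each cast in an `if` condition before use, the way the enclosing `if (const SwitchStmt *SS = dyn_cast(S))` already does.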
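Review bot: the rewritten `SwitchStmt` block in [PATCH 02/10] is nested five levels deep, and its innermost loop (`for (const Decl *D : DST->decls())` with the `D->getCanonicalDecl() == VD` comparison) is the kind of scan that the subject of [PATCH 04/10] later calls duplicated code. Moving the scan into a small helper that takes the statement and `VD`, and skipping children that are not a `DeclStmt` with `continue`, would flatten the block and leave a single copy of the comparison.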
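Review bot: the comment on `int i;` in the new test ([PATCH 03/10]), `// expected error{{Reached root without finding the declaration of VD}}`, is not a `-verify` directive, because the directive keyword is spelled `expected-error` with a hyphen, so as written it checks nothing. The function is named `test_escaping_on_var_before_switch_case_no_crash`, so the intent is that the analyzer finishes without reporting anything; drop the comment and add `// expected-no-diagnostics` to the file, since a `-verify` run with no directives at all is itself reported as an error.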
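Review bot: `isFoundInStmt` in [PATCH 04/10] has no doc comment, and its name does not say that only `S` itself is inspected: it returns true only when `S` is a `DeclStmt` that declares `VD`, and it does not descend into child statements. Add a one-line comment stating that so callers do not assume a recursive search, and reword the inline comment "Once we reach the declaration of the VD we can return.", which was written for the caller's upward walk and no longer describes what the helper does.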
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
https://github.com/steakhal updated https://github.com/llvm/llvm-project/pull/82089 >From 2802ef4b9ed88da3cacb16ab7738907ee806 Mon Sep 17 00:00:00 2001 From: huang-me Date: Sat, 17 Feb 2024 10:43:48 +0800 Subject: [PATCH 1/9] Fix crash on StaticAnalyzer loop unrolling --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 11 +++ 1 file changed, 11 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index a80352816be613..4001268bde6677 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -226,6 +226,17 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { return false; } } + +if (const SwitchStmt *SS = dyn_cast(S)) { + for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { +for (const Decl *D : dyn_cast(CB)->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } +} + // Check the usage of the pass-by-ref function calls and adress-of operator // on VD and reference initialized by VD. ASTContext = >From e9e195e4462da7f3ca2317096ddace6ce3e88d13 Mon Sep 17 00:00:00 2001 From: huang-me Date: Mon, 19 Feb 2024 18:17:27 +0800 Subject: [PATCH 2/9] Check if dynamic cast get pointer to valid elements --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 4001268bde6677..093e9bbf4ce5e0 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp 
@@ -228,11 +228,15 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { } if (const SwitchStmt *SS = dyn_cast(S)) { - for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { -for (const Decl *D : dyn_cast(CB)->decls()) { - // Once we reach the declaration of the VD we can return. - if (D->getCanonicalDecl() == VD) -return false; + if (const CompoundStmt *CST = dyn_cast(SS->getBody())) { +for (const Stmt *CB : CST->body()) { + if (const DeclStmt *DST = dyn_cast(CB)) { +for (const Decl *D : DST->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } } } } >From 6ed9ea88865e91f1727077b1a3a24d7b110060fd Mon Sep 17 00:00:00 2001 From: huang-me Date: Tue, 20 Feb 2024 11:31:23 +0800 Subject: [PATCH 3/9] Add testcase for finding declaration within SwitchStmt --- .../test-escaping-on-var-before-switch-case.c | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 clang/test/Analysis/test-escaping-on-var-before-switch-case.c diff --git a/clang/test/Analysis/test-escaping-on-var-before-switch-case.c b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c new file mode 100644 index 00..95aed8cab06b55 --- /dev/null +++ b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c @@ -0,0 +1,11 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config unroll-loops=true -verify %s + +void test_escaping_on_var_before_switch_case_no_crash(int c) { + switch (c) { +int i; // expected error{{Reached root without finding the declaration of VD}} +case 0: { + for (i = 0; i < 16; i++) {} + break; +} + } +} >From 294b7c960233cbef8ee0d8721c60792fd1e6a064 Mon Sep 17 00:00:00 2001 From: huang-me Date: Thu, 22 Feb 2024 21:04:06 +0800 Subject: [PATCH 4/9] Hoist duplicated code into function --- .../lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 29 ++- 1 file changed, 16 insertions(+), 13 deletions(-) 
diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 093e9bbf4ce5e0..697e811470e708 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -190,6 +190,17 @@ static bool isCapturedByReference(ExplodedNode *N, const DeclRefExpr *DR) { return FD->getType()->isReferenceType(); } +static bool isFoundInStmt(const Stmt *S, const VarDecl *VD) { + if (const DeclStmt *DS = dyn_cast(S)) { +for (const Decl *D : DS->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return true; +} + } + return false; +} + // A loop counter is considered escaped if: // case 1: It is a global variable. // case 2: It is a reference parameter or a reference capture. @@ -219,24 +230,16 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) {
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
https://github.com/steakhal updated https://github.com/llvm/llvm-project/pull/82089 >From 2802ef4b9ed88da3cacb16ab7738907ee806 Mon Sep 17 00:00:00 2001 From: huang-me Date: Sat, 17 Feb 2024 10:43:48 +0800 Subject: [PATCH 1/8] Fix crash on StaticAnalyzer loop unrolling --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 11 +++ 1 file changed, 11 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index a80352816be613..4001268bde6677 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -226,6 +226,17 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { return false; } } + +if (const SwitchStmt *SS = dyn_cast(S)) { + for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { +for (const Decl *D : dyn_cast(CB)->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } +} + // Check the usage of the pass-by-ref function calls and adress-of operator // on VD and reference initialized by VD. ASTContext = >From e9e195e4462da7f3ca2317096ddace6ce3e88d13 Mon Sep 17 00:00:00 2001 From: huang-me Date: Mon, 19 Feb 2024 18:17:27 +0800 Subject: [PATCH 2/8] Check if dynamic cast get pointer to valid elements --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 4001268bde6677..093e9bbf4ce5e0 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp 
@@ -228,11 +228,15 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { } if (const SwitchStmt *SS = dyn_cast(S)) { - for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { -for (const Decl *D : dyn_cast(CB)->decls()) { - // Once we reach the declaration of the VD we can return. - if (D->getCanonicalDecl() == VD) -return false; + if (const CompoundStmt *CST = dyn_cast(SS->getBody())) { +for (const Stmt *CB : CST->body()) { + if (const DeclStmt *DST = dyn_cast(CB)) { +for (const Decl *D : DST->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } } } } >From 6ed9ea88865e91f1727077b1a3a24d7b110060fd Mon Sep 17 00:00:00 2001 From: huang-me Date: Tue, 20 Feb 2024 11:31:23 +0800 Subject: [PATCH 3/8] Add testcase for finding declaration within SwitchStmt --- .../test-escaping-on-var-before-switch-case.c | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 clang/test/Analysis/test-escaping-on-var-before-switch-case.c diff --git a/clang/test/Analysis/test-escaping-on-var-before-switch-case.c b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c new file mode 100644 index 00..95aed8cab06b55 --- /dev/null +++ b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c @@ -0,0 +1,11 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config unroll-loops=true -verify %s + +void test_escaping_on_var_before_switch_case_no_crash(int c) { + switch (c) { +int i; // expected error{{Reached root without finding the declaration of VD}} +case 0: { + for (i = 0; i < 16; i++) {} + break; +} + } +} >From 294b7c960233cbef8ee0d8721c60792fd1e6a064 Mon Sep 17 00:00:00 2001 From: huang-me Date: Thu, 22 Feb 2024 21:04:06 +0800 Subject: [PATCH 4/8] Hoist duplicated code into function --- .../lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 29 ++- 1 file changed, 16 insertions(+), 13 deletions(-) 
diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 093e9bbf4ce5e0..697e811470e708 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -190,6 +190,17 @@ static bool isCapturedByReference(ExplodedNode *N, const DeclRefExpr *DR) { return FD->getType()->isReferenceType(); } +static bool isFoundInStmt(const Stmt *S, const VarDecl *VD) { + if (const DeclStmt *DS = dyn_cast(S)) { +for (const Decl *D : DS->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return true; +} + } + return false; +} + // A loop counter is considered escaped if: // case 1: It is a global variable. // case 2: It is a reference parameter or a reference capture. @@ -219,24 +230,16 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) {
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
@@ -1,5 +1,7 @@ // RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config unroll-loops=true,cfg-loopexit=true -verify -std=c++14 -analyzer-config exploration_strategy=unexplored_first_queue %s // RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config unroll-loops=true,cfg-loopexit=true,exploration_strategy=dfs -verify -std=c++14 -DDFS=1 %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config unroll-loops=true -verify %s +// expected-no-diagnostics

steakhal wrote:

```suggestion
```

https://github.com/llvm/llvm-project/pull/82089
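Review bot: the added `// expected-no-diagnostics` line applies to every `-verify` RUN line in this file, not only to the new third one. The two existing RUN lines enable `debug.ExprInspection` under `-verify`, so if the file carries any `expected-warning` directives for them, the new directive conflicts with those. Either drop both added lines, as the empty suggestion above does, or keep the new RUN line in its own test file or give it its own prefix with `-verify=<prefix>`.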
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
https://github.com/steakhal updated https://github.com/llvm/llvm-project/pull/82089 >From 2802ef4b9ed88da3cacb16ab7738907ee806 Mon Sep 17 00:00:00 2001 From: huang-me Date: Sat, 17 Feb 2024 10:43:48 +0800 Subject: [PATCH 1/7] Fix crash on StaticAnalyzer loop unrolling --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 11 +++ 1 file changed, 11 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index a80352816be613..4001268bde6677 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -226,6 +226,17 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { return false; } } + +if (const SwitchStmt *SS = dyn_cast(S)) { + for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { +for (const Decl *D : dyn_cast(CB)->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } +} + // Check the usage of the pass-by-ref function calls and adress-of operator // on VD and reference initialized by VD. ASTContext = >From e9e195e4462da7f3ca2317096ddace6ce3e88d13 Mon Sep 17 00:00:00 2001 From: huang-me Date: Mon, 19 Feb 2024 18:17:27 +0800 Subject: [PATCH 2/7] Check if dynamic cast get pointer to valid elements --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 4001268bde6677..093e9bbf4ce5e0 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp 
@@ -228,11 +228,15 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { } if (const SwitchStmt *SS = dyn_cast(S)) { - for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { -for (const Decl *D : dyn_cast(CB)->decls()) { - // Once we reach the declaration of the VD we can return. - if (D->getCanonicalDecl() == VD) -return false; + if (const CompoundStmt *CST = dyn_cast(SS->getBody())) { +for (const Stmt *CB : CST->body()) { + if (const DeclStmt *DST = dyn_cast(CB)) { +for (const Decl *D : DST->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } } } } >From 6ed9ea88865e91f1727077b1a3a24d7b110060fd Mon Sep 17 00:00:00 2001 From: huang-me Date: Tue, 20 Feb 2024 11:31:23 +0800 Subject: [PATCH 3/7] Add testcase for finding declaration within SwitchStmt --- .../test-escaping-on-var-before-switch-case.c | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 clang/test/Analysis/test-escaping-on-var-before-switch-case.c diff --git a/clang/test/Analysis/test-escaping-on-var-before-switch-case.c b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c new file mode 100644 index 00..95aed8cab06b55 --- /dev/null +++ b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c @@ -0,0 +1,11 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config unroll-loops=true -verify %s + +void test_escaping_on_var_before_switch_case_no_crash(int c) { + switch (c) { +int i; // expected error{{Reached root without finding the declaration of VD}} +case 0: { + for (i = 0; i < 16; i++) {} + break; +} + } +} >From 294b7c960233cbef8ee0d8721c60792fd1e6a064 Mon Sep 17 00:00:00 2001 From: huang-me Date: Thu, 22 Feb 2024 21:04:06 +0800 Subject: [PATCH 4/7] Hoist duplicated code into function --- .../lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 29 ++- 1 file changed, 16 insertions(+), 13 deletions(-) 
diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 093e9bbf4ce5e0..697e811470e708 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -190,6 +190,17 @@ static bool isCapturedByReference(ExplodedNode *N, const DeclRefExpr *DR) { return FD->getType()->isReferenceType(); } +static bool isFoundInStmt(const Stmt *S, const VarDecl *VD) { + if (const DeclStmt *DS = dyn_cast(S)) { +for (const Decl *D : DS->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return true; +} + } + return false; +} + // A loop counter is considered escaped if: // case 1: It is a global variable. // case 2: It is a reference parameter or a reference capture. @@ -219,24 +230,16 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) {
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
https://github.com/steakhal updated https://github.com/llvm/llvm-project/pull/82089 >From 2802ef4b9ed88da3cacb16ab7738907ee806 Mon Sep 17 00:00:00 2001 From: huang-me Date: Sat, 17 Feb 2024 10:43:48 +0800 Subject: [PATCH 1/6] Fix crash on StaticAnalyzer loop unrolling --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 11 +++ 1 file changed, 11 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index a80352816be613..4001268bde6677 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -226,6 +226,17 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { return false; } } + +if (const SwitchStmt *SS = dyn_cast(S)) { + for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { +for (const Decl *D : dyn_cast(CB)->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } +} + // Check the usage of the pass-by-ref function calls and adress-of operator // on VD and reference initialized by VD. ASTContext = >From e9e195e4462da7f3ca2317096ddace6ce3e88d13 Mon Sep 17 00:00:00 2001 From: huang-me Date: Mon, 19 Feb 2024 18:17:27 +0800 Subject: [PATCH 2/6] Check if dynamic cast get pointer to valid elements --- clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 4001268bde6677..093e9bbf4ce5e0 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp 
@@ -228,11 +228,15 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) { } if (const SwitchStmt *SS = dyn_cast(S)) { - for (const Stmt *CB : dyn_cast(SS->getBody())->body()) { -for (const Decl *D : dyn_cast(CB)->decls()) { - // Once we reach the declaration of the VD we can return. - if (D->getCanonicalDecl() == VD) -return false; + if (const CompoundStmt *CST = dyn_cast(SS->getBody())) { +for (const Stmt *CB : CST->body()) { + if (const DeclStmt *DST = dyn_cast(CB)) { +for (const Decl *D : DST->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return false; +} + } } } } >From 6ed9ea88865e91f1727077b1a3a24d7b110060fd Mon Sep 17 00:00:00 2001 From: huang-me Date: Tue, 20 Feb 2024 11:31:23 +0800 Subject: [PATCH 3/6] Add testcase for finding declaration within SwitchStmt --- .../test-escaping-on-var-before-switch-case.c | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 clang/test/Analysis/test-escaping-on-var-before-switch-case.c diff --git a/clang/test/Analysis/test-escaping-on-var-before-switch-case.c b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c new file mode 100644 index 00..95aed8cab06b55 --- /dev/null +++ b/clang/test/Analysis/test-escaping-on-var-before-switch-case.c @@ -0,0 +1,11 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config unroll-loops=true -verify %s + +void test_escaping_on_var_before_switch_case_no_crash(int c) { + switch (c) { +int i; // expected error{{Reached root without finding the declaration of VD}} +case 0: { + for (i = 0; i < 16; i++) {} + break; +} + } +} >From 294b7c960233cbef8ee0d8721c60792fd1e6a064 Mon Sep 17 00:00:00 2001 From: huang-me Date: Thu, 22 Feb 2024 21:04:06 +0800 Subject: [PATCH 4/6] Hoist duplicated code into function --- .../lib/StaticAnalyzer/Core/LoopUnrolling.cpp | 29 ++- 1 file changed, 16 insertions(+), 13 deletions(-) 
diff --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp index 093e9bbf4ce5e0..697e811470e708 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp @@ -190,6 +190,17 @@ static bool isCapturedByReference(ExplodedNode *N, const DeclRefExpr *DR) { return FD->getType()->isReferenceType(); } +static bool isFoundInStmt(const Stmt *S, const VarDecl *VD) { + if (const DeclStmt *DS = dyn_cast(S)) { +for (const Decl *D : DS->decls()) { + // Once we reach the declaration of the VD we can return. + if (D->getCanonicalDecl() == VD) +return true; +} + } + return false; +} + // A loop counter is considered escaped if: // case 1: It is a global variable. // case 2: It is a reference parameter or a reference capture. @@ -219,24 +230,16 @@ static bool isPossiblyEscaped(ExplodedNode *N, const DeclRefExpr *DR) {
[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)
https://github.com/steakhal edited https://github.com/llvm/llvm-project/pull/82089